ports/opt
4
3
Fork 1
Code Issues 1 Pull Requests Activity

[notify] libsndfile: 1.0.28 -> 1.0.30 new dependencies: opus python3

Browse Source
This commit is contained in:
Danny Rawlins 2020-09-29 21:03:20 +10:00
parent c40bff9204
commit 4e6bf273d8
7 changed files with 12 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libsndfile/.footprint
View File

@ -14,10 +14,11 @@ drwxr-xr-x root/root usr/include/
-rw-r--r-- root/root usr/include/sndfile.h
-rw-r--r-- root/root usr/include/sndfile.hh
drwxr-xr-x root/root usr/lib/
-rw-r--r-- root/root usr/lib/libsndfile.a
-rwxr-xr-x root/root usr/lib/libsndfile.la
lrwxrwxrwx root/root usr/lib/libsndfile.so -> libsndfile.so.1.0.28
lrwxrwxrwx root/root usr/lib/libsndfile.so.1 -> libsndfile.so.1.0.28
-rwxr-xr-x root/root usr/lib/libsndfile.so.1.0.28
lrwxrwxrwx root/root usr/lib/libsndfile.so -> libsndfile.so.1.0.30
lrwxrwxrwx root/root usr/lib/libsndfile.so.1 -> libsndfile.so.1.0.30
-rwxr-xr-x root/root usr/lib/libsndfile.so.1.0.30
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/sndfile.pc
drwxr-xr-x root/root usr/share/

12
libsndfile/.signature
View File

@ -1,9 +1,5 @@
untrusted comment: verify with /etc/ports/opt.pub
RWSE3ohX2g5d/YsV93PAHNXQQZgln+/zeRBIUlMrj3sCx68jhj+k4yP+GVEuquH4IgLVqYkoQ/lBWwFl3ct8iW4xPBaDcI3zvwY=
SHA256 (Pkgfile) = c99061c7c8f175404caa887fcd88e992b922272e29c039c231d8377998f97753
SHA256 (.footprint) = 1508250f5c0bcbc42c44cef16716c78afb22ea6d7ebbe99034bf2a4033bf3c13
SHA256 (libsndfile-1.0.28.tar.gz) = 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9
SHA256 (0001-FLAC-Fix-a-buffer-read-overrun.patch) = 256eda5665ccad5a38030594f83a16ae9b271f8d0dd31f4d3b650bafaf93aef0
SHA256 (0002-src-flac.c-Fix-a-buffer-read-overflow.patch) = 9d86583733521602e6b5ca52730bfe0727b9beef513db82552930477bf3c99e2
SHA256 (0010-src-aiff.c-Fix-a-buffer-read-overflow.patch) = 3635a53dae48f02123872c9c0234ca55b38bc260dc37a5813b7211da85ba73f3
SHA256 (0020-src-common.c-Fix-heap-buffer-overflows-when-writing.patch) = 7a2a37bcae3f4c48a79b06127964d34fbaf66011a31060680516434848800aad
RWSE3ohX2g5d/e2zuf1D7iYPWKgxJ/lHokk5UoLMKuHJspzXZOsZWlFCt9aBfJ3RlNp/cY1suN5dHOytnporxxpYuU1TlhM2sQg=
SHA256 (Pkgfile) = a0ba4685692048aab715b4de5f6fd14b9291be5844cffbadc6e8ec9dfa4e2a5d
SHA256 (.footprint) = 22c6fcd77e797b8115f2bbd1e46a17da3d33f70b1287b011dac1e65f2a1a5e91
SHA256 (libsndfile-1.0.30.tar.bz2) = ec898634766595438142c76cf3bdd46b77305d4a295dd16b29d024122d7a4b3f

60
libsndfile/0001-FLAC-Fix-a-buffer-read-overrun.patch
View File

@ -1,60 +0,0 @@
From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
References: CVE-2017-8361 CVE-2017-8363 CVE-2017-8365 bsc#1036944 bsc#1036945 bsc#1036946
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
--- a/src/flac.c
+++ b/src/flac.c
@@ -435,6 +435,19 @@ sf_flac_meta_callback (const FLAC__Strea
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },

50
libsndfile/0002-src-flac.c-Fix-a-buffer-read-overflow.patch
View File

@ -1,50 +0,0 @@
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow
References: CVE-2017-8362 bsc#1036943
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -437,7 +444,7 @@ sf_flac_meta_callback (const FLAC__Strea
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;

23
libsndfile/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
View File

@ -1,23 +0,0 @@
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;

86
libsndfile/0020-src-common.c-Fix-heap-buffer-overflows-when-writing.patch
View File

@ -1,86 +0,0 @@
From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/src/common.c
+++ b/src/common.c
@@ -675,16 +675,16 @@ psf_binheader_writef (SF_PRIVATE *psf, c
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
count += 4 + size ;
@@ -697,16 +697,15 @@ psf_binheader_writef (SF_PRIVATE *psf, c
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -718,7 +717,7 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;

22
libsndfile/Pkgfile
View File

@ -1,31 +1,17 @@
# Description: Library for manipulating sound files.
# URL: http://www.mega-nerd.com/libsndfile
# Maintainer: Danny Rawlins, crux at romster dot me
# Depends on: alsa-lib flac libvorbis
# Optional: sqlite3
# Depends on: alsa-lib flac libvorbis opus python3
name=libsndfile
version=1.0.28
version=1.0.30
release=1
source=(http://www.mega-nerd.com/$name/files/$name-$version.tar.gz
0001-FLAC-Fix-a-buffer-read-overrun.patch
0002-src-flac.c-Fix-a-buffer-read-overflow.patch
0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
0020-src-common.c-Fix-heap-buffer-overflows-when-writing.patch)
source=(https://github.com/erikd/libsndfile/releases/download/v$version/$name-$version.tar.bz2)
build() {
cd $name-$version
patch -p1 -i $SRC/0001-FLAC-Fix-a-buffer-read-overrun.patch
patch -p1 -i $SRC/0002-src-flac.c-Fix-a-buffer-read-overflow.patch
patch -p1 -i $SRC/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
patch -p1 -i $SRC/0020-src-common.c-Fix-heap-buffer-overflows-when-writing.patch
./configure \
--prefix=/usr \
--disable-static \
--with-pic
./configure --prefix=/usr
make
make DESTDIR=$PKG install